Vulnerability Description
The txrx stats req might be double freed in the pdev detach when the host driver is unloading in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8064, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCA9558, QCA9880, QCA9886, QCA9980, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Ipq8064 Firmware | - |
| Qualcomm | Ipq8064 | - |
| Qualcomm | Mdm9150 Firmware | - |
| Qualcomm | Mdm9150 | - |
| Qualcomm | Mdm9206 Firmware | - |
| Qualcomm | Mdm9206 | - |
| Qualcomm | Mdm9607 Firmware | - |
| Qualcomm | Mdm9607 | - |
| Qualcomm | Mdm9640 Firmware | - |
| Qualcomm | Mdm9640 | - |
| Qualcomm | Mdm9650 Firmware | - |
| Qualcomm | Mdm9650 | - |
| Qualcomm | Msm8996Au Firmware | - |
| Qualcomm | Msm8996Au | - |
| Qualcomm | Qca6174A Firmware | - |
| Qualcomm | Qca6174A | - |
| Qualcomm | Qca6574Au Firmware | - |
| Qualcomm | Qca6574Au | - |
| Qualcomm | Qca9377 Firmware | - |
| Qualcomm | Qca9377 | - |
Related Weaknesses (CWE)
References
- https://www.codeaurora.org/security-bulletin/2019/05/06/may-2019-code-aurora-secPatchThird Party Advisory
- https://www.codeaurora.org/security-bulletin/2019/05/06/may-2019-code-aurora-secPatchThird Party Advisory
FAQ
What is CVE-2018-11947?
CVE-2018-11947 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The txrx stats req might be double freed in the pdev detach when the host driver is unloading in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Indu...
How severe is CVE-2018-11947?
CVE-2018-11947 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-11947?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Ipq8064 Firmware, Qualcomm Ipq8064, Qualcomm Mdm9150 Firmware, Qualcomm Mdm9150, Qualcomm Mdm9206 Firmware.